Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
b9975146 by security tracker role at 2022-10-28T20:10:25+00:00
automatic update

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -1,3 +1,41 @@
+CVE-2022-43982
+       RESERVED
+CVE-2022-43981
+       RESERVED
+CVE-2022-43980
+       RESERVED
+CVE-2022-43979
+       RESERVED
+CVE-2022-43978
+       RESERVED
+CVE-2022-3750
+       RESERVED
+CVE-2022-3749
+       RESERVED
+CVE-2022-3748
+       RESERVED
+CVE-2022-3747
+       RESERVED
+CVE-2022-3746
+       RESERVED
+CVE-2022-3745
+       RESERVED
+CVE-2022-3744
+       RESERVED
+CVE-2022-3743
+       RESERVED
+CVE-2022-3742
+       RESERVED
+CVE-2022-3741 (Impact varies for each individual vulnerability in the 
application. Fo ...)
+       TODO: check
+CVE-2022-3740
+       RESERVED
+CVE-2022-3739
+       RESERVED
+CVE-2022-3738
+       RESERVED
+CVE-2022-3737
+       RESERVED
 CVE-2023-20851
        RESERVED
 CVE-2023-20850
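Review bot: the only non-RESERVED entry in this hunk, CVE-2022-3741, has a truncated description ("Impact varies for each individual vulnerability in the application. Fo ...") that names no product, so its `TODO: check` cannot be triaged from the list line alone and the full advisory text has to be read before deciding between a package line and NOT-FOR-US. The nineteen other new ids (CVE-2022-43982 down to CVE-2022-43978 and CVE-2022-3750 down to CVE-2022-3737) are plain RESERVED placeholders and are correctly inserted ahead of the existing CVE-2023-20851 block, which matches the file's newest-first ordering.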
@@ -538,20 +576,20 @@ CVE-2022-43959
        RESERVED
 CVE-2022-3736
        RESERVED
-CVE-2022-3735
-       RESERVED
-CVE-2022-3734
-       RESERVED
-CVE-2022-3733
-       RESERVED
-CVE-2022-3732
-       RESERVED
-CVE-2022-3731
-       RESERVED
-CVE-2022-3730
-       RESERVED
-CVE-2022-3729
-       RESERVED
+CVE-2022-3735 (A vulnerability was found in seccome Ehoney. It has been rated 
as crit ...)
+       TODO: check
+CVE-2022-3734 (A vulnerability was found in Redis. It has been declared as 
critical.  ...)
+       TODO: check
+CVE-2022-3733 (A vulnerability was found in SourceCodester Web-Based Student 
Clearanc ...)
+       TODO: check
+CVE-2022-3732 (A vulnerability was found in seccome Ehoney and classified as 
critical ...)
+       TODO: check
+CVE-2022-3731 (A vulnerability has been found in seccome Ehoney and classified 
as cri ...)
+       TODO: check
+CVE-2022-3730 (A vulnerability, which was classified as critical, was found in 
seccom ...)
+       TODO: check
+CVE-2022-3729 (A vulnerability, which was classified as critical, has been 
found in s ...)
+       TODO: check
 CVE-2022-3728
        RESERVED
 CVE-2023-20601
@@ -1880,8 +1918,8 @@ CVE-2022-3710
        RESERVED
 CVE-2022-3709
        RESERVED
-CVE-2022-3708
-       RESERVED
+CVE-2022-3708 (The Web Stories plugin for WordPress is vulnerable to 
Server-Side Requ ...)
+       TODO: check
 CVE-2022-3707
        RESERVED
 CVE-2022-3706
@@ -2249,8 +2287,7 @@ CVE-2022-3699
        RESERVED
 CVE-2022-3698
        RESERVED
-CVE-2022-3697 [improper handling of tower_callback parameter in amazon.aws 
collection]
-       RESERVED
+CVE-2022-3697 (A flaw was found in Ansible in the amazon.aws collection when 
using th ...)
        - ansible <unfixed>
        NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=2137664
        NOTE: https://github.com/ansible-collections/amazon.aws/pull/1199
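Review bot: replacing the hand-written summary `[improper handling of tower_callback parameter in amazon.aws collection]` with the published text for CVE-2022-3697 loses the parameter name, because the truncated description stops at "when using th ..."; the two retained NOTE lines (the Red Hat bug and the amazon.aws pull request) are now the only place in the entry that identifies the affected code, so they must stay. The unchanged `- ansible <unfixed>` line still needs either a fixed Debian version or a no-dsa decision once the collection fix reaches the ansible package.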
@@ -3617,10 +3654,10 @@ CVE-2022-43278
        RESERVED
 CVE-2022-43277
        RESERVED
-CVE-2022-43276
-       RESERVED
-CVE-2022-43275
-       RESERVED
+CVE-2022-43276 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43275 (Canteen Management System v1.0 was discovered to contain an 
arbitrary  ...)
+       TODO: check
 CVE-2022-43274
        RESERVED
 CVE-2022-43273
@@ -3703,18 +3740,18 @@ CVE-2022-43235
        RESERVED
 CVE-2022-43234
        RESERVED
-CVE-2022-43233
-       RESERVED
-CVE-2022-43232
-       RESERVED
-CVE-2022-43231
-       RESERVED
-CVE-2022-43230
-       RESERVED
-CVE-2022-43229
-       RESERVED
-CVE-2022-43228
-       RESERVED
+CVE-2022-43233 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43232 (Canteen Management System v1.0 was discovered to contain a SQL 
injecti ...)
+       TODO: check
+CVE-2022-43231 (Canteen Management System v1.0 was discovered to contain an 
arbitrary  ...)
+       TODO: check
+CVE-2022-43230 (Simple Cold Storage Management System v1.0 was discovered to 
contain a ...)
+       TODO: check
+CVE-2022-43229 (Simple Cold Storage Management System v1.0 was discovered to 
contain a ...)
+       TODO: check
+CVE-2022-43228 (Barangay Management System v1.0 was discovered to contain a 
SQL inject ...)
+       TODO: check
 CVE-2022-43227
        RESERVED
 CVE-2022-43226
@@ -3829,20 +3866,20 @@ CVE-2022-43172
        RESERVED
 CVE-2022-43171
        RESERVED
-CVE-2022-43170
-       RESERVED
-CVE-2022-43169
-       RESERVED
-CVE-2022-43168
-       RESERVED
-CVE-2022-43167
-       RESERVED
-CVE-2022-43166
-       RESERVED
-CVE-2022-43165
-       RESERVED
-CVE-2022-43164
-       RESERVED
+CVE-2022-43170 (A stored cross-site scripting (XSS) vulnerability in the 
Dashboard Con ...)
+       TODO: check
+CVE-2022-43169 (A stored cross-site scripting (XSS) vulnerability in the Users 
Access  ...)
+       TODO: check
+CVE-2022-43168 (Rukovoditel v3.2.1 was discovered to contain a SQL injection 
vulnerabi ...)
+       TODO: check
+CVE-2022-43167 (A stored cross-site scripting (XSS) vulnerability in the Users 
Alerts  ...)
+       TODO: check
+CVE-2022-43166 (A stored cross-site scripting (XSS) vulnerability in the 
Global Entiti ...)
+       TODO: check
+CVE-2022-43165 (A stored cross-site scripting (XSS) vulnerability in the 
Global Variab ...)
+       TODO: check
+CVE-2022-43164 (A stored cross-site scripting (XSS) vulnerability in the 
Global Lists  ...)
+       TODO: check
 CVE-2022-43163
        RESERVED
 CVE-2022-43162
@@ -4558,8 +4595,8 @@ CVE-2022-3514
        RESERVED
 CVE-2022-3513
        RESERVED
-CVE-2022-3512
-       RESERVED
+CVE-2022-3512 (Using warp-cli command "add-trusted-ssid", a user was able to 
disconne ...)
+       TODO: check
 CVE-2022-3511
        RESERVED
 CVE-2022-3510
@@ -6195,12 +6232,12 @@ CVE-2022-3404
        RESERVED
 CVE-2022-3403
        RESERVED
-CVE-2022-3402
-       RESERVED
-CVE-2022-3401
-       RESERVED
-CVE-2022-3400
-       RESERVED
+CVE-2022-3402 (The Log HTTP Requests plugin for WordPress is vulnerable to 
Stored Cro ...)
+       TODO: check
+CVE-2022-3401 (The Bricks theme for WordPress is vulnerable to remote code 
execution  ...)
+       TODO: check
+CVE-2022-3400 (The Bricks theme for WordPress is vulnerable to authorization 
bypass d ...)
+       TODO: check
 CVE-2022-3399
        RESERVED
 CVE-2022-3398 (OMRON CX-Programmer 9.78 and prior is vulnerable to an 
Out-of-Bounds W ...)
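Review bot: the three new WordPress entries in this hunk (CVE-2022-3402 for the Log HTTP Requests plugin, CVE-2022-3401 and CVE-2022-3400 for the Bricks theme) are left as `TODO: check`, while the file's established resolution for third-party plugins and themes is `NOT-FOR-US: WordPress plugin` (as used for CVE-2022-2863 and, with the plugin name, for CVE-2022-2473 elsewhere in this file). After confirming that neither the plugin nor the theme is packaged in Debian, resolve all three the same way in one follow-up rather than leaving them in the TODO queue.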
@@ -7228,12 +7265,12 @@ CVE-2022-41653
        RESERVED
 CVE-2022-41651 (The affected product DIAEnergie (versions prior to 
v1.9.01.002) is vul ...)
        TODO: check
-CVE-2022-41648
-       RESERVED
+CVE-2022-41648 (The HEIDENHAIN Controller TNC 640, version 340590 07 SP5, 
running HERO ...)
+       TODO: check
 CVE-2022-41644
        RESERVED
-CVE-2022-41636
-       RESERVED
+CVE-2022-41636 (Communication traffic involving "Ethernet Q Commands" service 
of Haas  ...)
+       TODO: check
 CVE-2022-41629
        RESERVED
 CVE-2022-41627 (The physical IoT device of the AliveCor's KardiaMobile, a 
smartphone-b ...)
@@ -7749,8 +7786,8 @@ CVE-2022-3339 (A reflected cross-site scripting (XSS) 
vulnerability in ePO prior
        NOT-FOR-US: Trellix ePolicy Orchestrator
 CVE-2022-3338 (An External XML entity (XXE) vulnerability in ePO prior to 5.10 
Update ...)
        NOT-FOR-US: Trellix ePolicy Orchestrator
-CVE-2022-3337
-       RESERVED
+CVE-2022-3337 (It was possible for a user to delete a VPN profile from WARP 
mobile cl ...)
+       TODO: check
 CVE-2022-3336
        RESERVED
 CVE-2022-3335 (The Kadence WooCommerce Email Designer WordPress plugin before 
1.5.7 u ...)
@@ -7846,12 +7883,12 @@ CVE-2022-41556 (A resource leak in gw_backend.c in 
lighttpd 1.4.56 through 1.4.6
        NOTE: Fixed by: 
https://github.com/lighttpd/lighttpd1.4/commit/b18de6f9264f914f7bf493abd3b6059343548e50
 (lighttpd-1.4.67)
 CVE-2022-40690 (Cross-site scripting vulnerability in BookStack versions prior 
to v22. ...)
        NOT-FOR-US: BookStack
-CVE-2022-3322
-       RESERVED
-CVE-2022-3321
-       RESERVED
-CVE-2022-3320
-       RESERVED
+CVE-2022-3322 (Lock Warp switch is a feature of Zero Trust platform which, 
when enabl ...)
+       TODO: check
+CVE-2022-3321 (It was possible to bypass Lock WARP switch feature 
https://developers. ...)
+       TODO: check
+CVE-2022-3320 (It was possible to bypass policies configured for Zero Trust 
Secure We ...)
+       TODO: check
 CVE-2022-3319
        RESERVED
 CVE-2022-3318
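Review bot: the description for CVE-2022-3321 ends in a cut-off URL ("https://developers. ..."), an artifact of the automatic truncation of the published text, so the reference it points to is not recoverable from the entry; if the Cloudflare WARP entries in this hunk (CVE-2022-3322, CVE-2022-3321, CVE-2022-3320) end up as anything other than NOT-FOR-US, the full documentation link should be carried as a separate NOTE line rather than relied on from the truncated description.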
@@ -9820,8 +9857,8 @@ CVE-2022-3230
        RESERVED
 CVE-2022-3229
        RESERVED
-CVE-2022-3228
-       RESERVED
+CVE-2022-3228 (Using custom code, an attacker can write into name or 
description fiel ...)
+       TODO: check
 CVE-2022-40742
        RESERVED
 CVE-2022-40741
@@ -13042,10 +13079,10 @@ CVE-2022-39369
        RESERVED
 CVE-2022-39368
        RESERVED
-CVE-2022-39367
-       RESERVED
-CVE-2022-39366
-       RESERVED
+CVE-2022-39367 (QTIWorks is a software suite for standards-based assessment 
delivery.  ...)
+       TODO: check
+CVE-2022-39366 (DataHub is an open-source metadata platform. Prior to version 
0.8.45,  ...)
+       TODO: check
 CVE-2022-39365 (Pimcore is an open source data and experience management 
platform. Pri ...)
        TODO: check
 CVE-2022-39364 (Nextcloud Server is the file server software for Nextcloud, a 
self-hos ...)
@@ -14627,8 +14664,7 @@ CVE-2022-38789 (An issue was discovered in Airties 
Smart Wi-Fi before 2020-08-04
        NOT-FOR-US: Airties Smart Wi-Fi
 CVE-2022-38788 (An issue was discovered in Nokia FastMile 5G Receiver 5G14-B 
1.2104.00 ...)
        NOT-FOR-US: Nokia
-CVE-2022-3018
-       RESERVED
+CVE-2022-3018 (An information disclosure vulnerability in GitLab CE/EE 
affecting all  ...)
        - gitlab <unfixed>
 CVE-2022-3017 (Cross-Site Request Forgery (CSRF) in GitHub repository 
froxlor/froxlor ...)
        - froxlor <itp> (bug #581792)
@@ -15913,8 +15949,7 @@ CVE-2022-2884 (A vulnerability in GitLab CE/EE 
affecting all versions from 11.3.
        NOTE: 
https://about.gitlab.com/releases/2022/08/22/critical-security-release-gitlab-15-3-1-released/
 CVE-2022-2883
        RESERVED
-CVE-2022-2882
-       RESERVED
+CVE-2022-2882 (An issue has been discovered in GitLab CE/EE affecting all 
versions st ...)
        - gitlab <unfixed>
 CVE-2022-2881 (The underlying bug might cause read past end of the buffer and 
either  ...)
        - bind9 1:9.18.7-1
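Review bot: CVE-2022-2882 now has a public description but the entry still reads `- gitlab <unfixed>` with no upstream reference, whereas the neighbouring CVE-2022-2884 in this hunk's context carries a NOTE linking the GitLab 15.3.1 critical security release. Check whether CVE-2022-2882 was fixed in the same release and, if so, add the corresponding NOTE and the fixed version (the `[experimental] - gitlab 15.2.3+ds1-1` form used for CVE-2022-2865 further down is the pattern to follow).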
@@ -16020,8 +16055,8 @@ CVE-2022-2865 (A cross-site scripting issue has been 
discovered in GitLab CE/EE
        [experimental] - gitlab 15.2.3+ds1-1
        - gitlab <unfixed>
        NOTE: 
https://about.gitlab.com/releases/2022/08/30/critical-security-release-gitlab-15-3-2-released/
-CVE-2022-2864
-       RESERVED
+CVE-2022-2864 (The demon image annotation plugin for WordPress is vulnerable 
to Cross ...)
+       TODO: check
 CVE-2022-2863 (The Migration, Backup, Staging WordPress plugin before 0.9.76 
does not ...)
        NOT-FOR-US: WordPress plugin
 CVE-2022-2862 (Use After Free in GitHub repository vim/vim prior to 9.0.0221. 
...)
@@ -18508,12 +18543,12 @@ CVE-2022-37428 (PowerDNS Recursor up to and including 
4.5.9, 4.6.2 and 4.7.1, wh
        NOTE: https://downloads.powerdns.com/patches/2022-02/
 CVE-2022-37427
        RESERVED
-CVE-2022-37426
-       RESERVED
-CVE-2022-37425
-       RESERVED
-CVE-2022-37424
-       RESERVED
+CVE-2022-37426 (Unrestricted Upload of File with Dangerous Type vulnerability 
in OpenN ...)
+       TODO: check
+CVE-2022-37425 (Improper Neutralization of Special Elements used in a Command 
('Comman ...)
+       TODO: check
+CVE-2022-37424 (Files or Directories Accessible to External Parties 
vulnerability in O ...)
+       TODO: check
 CVE-2022-37423 (Neo4j APOC (Awesome Procedures on Cypher) before 4.3.0.7 and 
4.x befor ...)
        NOT-FOR-US: Neo4j APOC (Awesome Procedures on Cypher)
 CVE-2022-37422 (Payara through 5.2022.2 allows directory traversal without 
authenticat ...)
@@ -21525,10 +21560,10 @@ CVE-2022-2476 (A null pointer dereference bug was 
found in wavpack-5.4.0 The res
        [buster] - wavpack <no-dsa> (Minor issue)
        NOTE: https://github.com/dbry/WavPack/issues/121
        NOTE: 
https://github.com/dbry/WavPack/commit/25b4a2725d8568212e7cf89ca05ca29d128af7ac 
(5.5.0)
-CVE-2022-2475
-       RESERVED
-CVE-2022-2474
-       RESERVED
+CVE-2022-2475 (Haas Controller version 100.20.000.1110 has insufficient 
granularity o ...)
+       TODO: check
+CVE-2022-2474 (Authentication is currently unsupported in Haas Controller 
version 100 ...)
+       TODO: check
 CVE-2022-2473 (The WP-UserOnline plugin for WordPress is vulnerable to Stored 
Cross-S ...)
        NOT-FOR-US: WP-UserOnline plugin for WordPress
 CVE-2022-2472 (Improper Initialization vulnerability in the local server 
component of ...)
@@ -48248,8 +48283,8 @@ CVE-2022-26886
        RESERVED
 CVE-2022-26885
        RESERVED
-CVE-2022-26884
-       RESERVED
+CVE-2022-26884 (Users can read any files by log server, Apache 
DolphinScheduler users  ...)
+       TODO: check
 CVE-2022-0934 (A single-byte, non-arbitrary write/use-after-free flaw was 
found in dn ...)
        - dnsmasq <unfixed> (bug #1014715)
        [bullseye] - dnsmasq <no-dsa> (Minor issue)
@@ -87932,26 +87967,26 @@ CVE-2021-38739
        RESERVED
 CVE-2021-38738
        RESERVED
-CVE-2021-38737
-       RESERVED
-CVE-2021-38736
-       RESERVED
+CVE-2021-38737 (SEMCMS v 1.1 is vulnerable to SQL Injection via Ant_Pro.php. 
...)
+       TODO: check
+CVE-2021-38736 (SEMCMS Shop V 1.1 is vulnerable to SQL Injection via 
Ant_Global.php. ...)
+       TODO: check
 CVE-2021-38735
        RESERVED
-CVE-2021-38734
-       RESERVED
-CVE-2021-38733
-       RESERVED
-CVE-2021-38732
-       RESERVED
-CVE-2021-38731
-       RESERVED
-CVE-2021-38730
-       RESERVED
-CVE-2021-38729
-       RESERVED
-CVE-2021-38728
-       RESERVED
+CVE-2021-38734 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Menu.php. ...)
+       TODO: check
+CVE-2021-38733 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_BlogCat.php. ...)
+       TODO: check
+CVE-2021-38732 (SEMCMS SHOP v 1.1 is vulnerable to SQL via Ant_Message.php. 
...)
+       TODO: check
+CVE-2021-38731 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Zekou.php. ...)
+       TODO: check
+CVE-2021-38730 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Info.php. ...)
+       TODO: check
+CVE-2021-38729 (SEMCMS SHOP v 1.1 is vulnerable to SQL Injection via 
Ant_Plist.php. ...)
+       TODO: check
+CVE-2021-38728 (SEMCMS SHOP v 1.1 is vulnerable to Cross Site Scripting (XSS) 
via Ant_ ...)
+       TODO: check
 CVE-2021-38727 (FUEL CMS 1.5.0 allows SQL Injection via parameter 'col' in 
/fuel/index ...)
        NOT-FOR-US: FUEL CMS
 CVE-2021-38726
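Review bot: this hunk turns eight SEMCMS entries (CVE-2021-38737, CVE-2021-38736 and CVE-2021-38734 through CVE-2021-38728) into `TODO: check` with near-identical SQL injection and XSS descriptions, while the adjacent CVE-2021-38727 (FUEL CMS) already shows the `NOT-FOR-US` resolution used for web applications that are not packaged; once SEMCMS is confirmed absent from the archive, the whole block can be closed with one triage decision. The odd wording in CVE-2021-38732 ("vulnerable to SQL via Ant_Message.php") is the upstream text as published and should not be edited locally.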
@@ -89280,8 +89315,8 @@ CVE-2021-38219
        RESERVED
 CVE-2021-38218
        RESERVED
-CVE-2021-38217
-       RESERVED
+CVE-2021-38217 (SEMCMS v 1.2 is vulnerable to SQL Injection via 
SEMCMS_User.php. ...)
+       TODO: check
 CVE-2021-38216
        RESERVED
 CVE-2021-38215
@@ -90614,10 +90649,10 @@ CVE-2021-37784
        RESERVED
 CVE-2021-37783
        RESERVED
-CVE-2021-37782
-       RESERVED
-CVE-2021-37781
-       RESERVED
+CVE-2021-37782 (Employee Record Management System v 1.2 is vulnerable to SQL 
Injection ...)
+       TODO: check
+CVE-2021-37781 (Employee Record Management System v 1.2 is vulnerable to Cross 
Site Sc ...)
+       TODO: check
 CVE-2021-37780
        RESERVED
 CVE-2021-37779
@@ -92713,8 +92748,8 @@ CVE-2021-36900
        RESERVED
 CVE-2021-36899 (Authenticated (admin+) Reflected Cross-Site Scripting (XSS) 
vulnerabil ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-36898
-       RESERVED
+CVE-2021-36898 (Auth. SQL Injection (SQLi) vulnerability in Quiz And Survey 
Master plu ...)
+       TODO: check
 CVE-2021-36897
        RESERVED
 CVE-2021-36896 (Authenticated (author or higher user role) Stored Cross-Site 
Scripting ...)
@@ -92781,10 +92816,10 @@ CVE-2021-36866 (Authenticated (author or higher role) 
Stored Cross-Site Scriptin
        NOT-FOR-US: WordPress plugin
 CVE-2021-36865 (Insecure direct object references (IDOR) vulnerability in 
ExpressTech  ...)
        NOT-FOR-US: WordPress plugin
-CVE-2021-36864
-       RESERVED
-CVE-2021-36863
-       RESERVED
+CVE-2021-36864 (Auth. (editor+) Reflected Cross-Site Scripting (XSS) 
vulnerability in  ...)
+       TODO: check
+CVE-2021-36863 (Auth. (contributor+) Stored Cross-Site Scripting (XSS) 
vulnerability i ...)
+       TODO: check
 CVE-2021-36862
        RESERVED
 CVE-2021-36861 (Cross-Site Request Forgery (CSRF) vulnerability in Rich 
Reviews by Sta ...)
@@ -92793,8 +92828,8 @@ CVE-2021-36860
        RESERVED
 CVE-2021-36859
        RESERVED
-CVE-2021-36858
-       RESERVED
+CVE-2021-36858 (Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability 
in Them ...)
+       TODO: check
 CVE-2021-36857 (Authenticated (editor+) Stored Cross-Site Scripting (XSS) 
vulnerabilit ...)
        NOT-FOR-US: WordPress plugin
 CVE-2021-36856
@@ -96457,10 +96492,10 @@ CVE-2021-35390
        RESERVED
 CVE-2021-35389
        RESERVED
-CVE-2021-35388
-       RESERVED
-CVE-2021-35387
-       RESERVED
+CVE-2021-35388 (Hospital Management System v 4.0 is vulnerable to Cross Site 
Scripting ...)
+       TODO: check
+CVE-2021-35387 (Hospital Management System v 4.0 is vulnerable to SQL 
Injection via fi ...)
+       TODO: check
 CVE-2021-35386
        RESERVED
 CVE-2021-35385



View it on GitLab: 
https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/b997514620e010809a6e90950c891eb2c60b7d85

-- 
_______________________________________________
debian-security-tracker-commits mailing list
https://alioth-lists.debian.net/cgi-bin/mailman/listinfo/debian-security-tracker-commits